GNUnet  0.19.3
Data Structures | Macros | Functions
gnsrecord_crypto.c File Reference

API for GNS record-related crypto. More...

#include "platform.h"
#include "gnsrecord_crypto.h"
Include dependency graph for gnsrecord_crypto.c:

Go to the source code of this file.

Data Structures

struct  KeyCacheLine
 Line in cache mapping private keys to public keys. More...
 

Macros

#define LOG(kind, ...)   GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)
 
#define CSIZE   64
 

Functions

ssize_t ecdsa_symmetric_decrypt (const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
 
ssize_t ecdsa_symmetric_encrypt (const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
 
enum GNUNET_GenericReturnValue eddsa_symmetric_decrypt (const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
 
enum GNUNET_GenericReturnValue eddsa_symmetric_encrypt (const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
 
void GNR_derive_block_aes_key (unsigned char *ctr, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
 Derive session key and iv from label and public key. More...
 
void GNR_derive_block_xsalsa_key (unsigned char *nonce, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
 Derive session key and iv from label and public key. More...
 
static ssize_t block_get_size_ecdsa (const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
 
enum GNUNET_GenericReturnValue block_sign_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
 
enum GNUNET_GenericReturnValue block_sign_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_sign (const struct GNUNET_IDENTITY_PrivateKey *key, const char *label, struct GNUNET_GNSRECORD_Block *block)
 Sign a block create with GNUNET_GNSRECORD_block_create_unsigned. More...
 
static enum GNUNET_GenericReturnValue block_create_ecdsa (const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
 Sign name and records. More...
 
static ssize_t block_get_size_eddsa (const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
 
enum GNUNET_GenericReturnValue block_create_eddsa (const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
 Sign name and records (EDDSA version) More...
 
ssize_t GNUNET_GNSRECORD_block_calculate_size (const struct GNUNET_IDENTITY_PrivateKey *key, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count)
 Get size of buffer for block creation. More...
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create (const struct GNUNET_IDENTITY_PrivateKey *key, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
 Sign name and records. More...
 
static enum GNUNET_GenericReturnValue block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result, int sign)
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create_unsigned (const struct GNUNET_IDENTITY_PrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
 Create name and records but do not sign! Sign later with GNUNET_GNSRECORD_block_sign(). More...
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_create2 (const struct GNUNET_IDENTITY_PrivateKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **result)
 Sign name and records, cache derived public key (also keeps the private key in static memory, so do not use this function if keeping the private key in the process'es RAM is a major issue). More...
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_verify (const struct GNUNET_GNSRECORD_Block *block)
 Check if a signature is valid. More...
 
enum GNUNET_GenericReturnValue block_decrypt_ecdsa (const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_EcdsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 
enum GNUNET_GenericReturnValue block_decrypt_eddsa (const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_CRYPTO_EddsaPublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 
enum GNUNET_GenericReturnValue GNUNET_GNSRECORD_block_decrypt (const struct GNUNET_GNSRECORD_Block *block, const struct GNUNET_IDENTITY_PublicKey *zone_key, const char *label, GNUNET_GNSRECORD_RecordCallback proc, void *proc_cls)
 Decrypt block. More...
 
void GNUNET_GNSRECORD_query_from_private_key (const struct GNUNET_IDENTITY_PrivateKey *zone, const char *label, struct GNUNET_HashCode *query)
 Calculate the DHT query for a given label in a given zone. More...
 
void GNUNET_GNSRECORD_query_from_public_key (const struct GNUNET_IDENTITY_PublicKey *pub, const char *label, struct GNUNET_HashCode *query)
 Calculate the DHT query for a given label in a given zone. More...
 

Detailed Description

API for GNS record-related crypto.

Author
Martin Schanzenbach
Matthias Wachs
Christian Grothoff

Definition in file gnsrecord_crypto.c.

Macro Definition Documentation

◆ LOG

#define LOG (   kind,
  ... 
)    GNUNET_log_from (kind, "gnsrecord", __VA_ARGS__)

Definition at line 31 of file gnsrecord_crypto.c.

◆ CSIZE

#define CSIZE   64

Function Documentation

◆ ecdsa_symmetric_decrypt()

ssize_t ecdsa_symmetric_decrypt ( const void *  block,
size_t  size,
const unsigned char *  key,
const unsigned char *  ctr,
void *  result 
)

Definition at line 34 of file gnsrecord_crypto.c.

40 {
41  gcry_cipher_hd_t handle;
42  int rc;
43 
44  GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
45  GCRY_CIPHER_MODE_CTR, 0));
46  rc = gcry_cipher_setkey (handle,
47  key,
48  GNUNET_CRYPTO_AES_KEY_LENGTH);
49  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
50  rc = gcry_cipher_setctr (handle,
51  ctr,
52  GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
53  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
54  GNUNET_assert (0 == gcry_cipher_decrypt (handle, result, size, block, size));
55  gcry_cipher_close (handle);
56  return size;
57 }
key
struct GNUNET_HashCode key
The key used in the DHT.
Definition: gnunet-dht-put.c:37
handle
static struct GNUNET_DNS_Handle * handle
Handle to transport service.
Definition: gnunet-dns-monitor.c:34
result
static int result
Global testing status.
Definition: gnunet-regex-profiler.c:240
GNUNET_CRYPTO_AES_KEY_LENGTH
#define GNUNET_CRYPTO_AES_KEY_LENGTH
length of the sessionkey in bytes (256 BIT sessionkey)
Definition: gnunet_crypto_lib.h:110
GNUNET_assert
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
Definition: gnunet_common.h:943
size
static unsigned int size
Size of the "table".
Definition: peer.c:68

References GNUNET_assert, GNUNET_CRYPTO_AES_KEY_LENGTH, handle, key, result, and size.

◆ ecdsa_symmetric_encrypt()

ssize_t ecdsa_symmetric_encrypt ( const void *  block,
size_t  size,
const unsigned char *  key,
const unsigned char *  ctr,
void *  result 
)

Definition at line 61 of file gnsrecord_crypto.c.

67 {
68  gcry_cipher_hd_t handle;
69  int rc;
70 
71  GNUNET_assert (0 == gcry_cipher_open (&handle, GCRY_CIPHER_AES256,
72  GCRY_CIPHER_MODE_CTR, 0));
73  rc = gcry_cipher_setkey (handle,
74  key,
75  GNUNET_CRYPTO_AES_KEY_LENGTH);
76  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
77  rc = gcry_cipher_setctr (handle,
78  ctr,
79  GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
80  GNUNET_assert ((0 == rc) || ((char) rc == GPG_ERR_WEAK_KEY));
81  GNUNET_assert (0 == gcry_cipher_encrypt (handle, result, size, block, size));
82  gcry_cipher_close (handle);
83  return size;
84 }

References GNUNET_assert, GNUNET_CRYPTO_AES_KEY_LENGTH, handle, key, result, and size.

◆ eddsa_symmetric_decrypt()

enum GNUNET_GenericReturnValue eddsa_symmetric_decrypt ( const void *  block,
size_t  size,
const unsigned char *  key,
const unsigned char *  nonce,
void *  result 
)

Definition at line 61 of file gnsrecord_crypto.c.

94 {
95  ssize_t ctlen = size - crypto_secretbox_MACBYTES;
96  if (ctlen < 0)
97  return GNUNET_SYSERR;
98  if (0 != crypto_secretbox_open_detached (result,
99  ((unsigned char*) block)
100  + crypto_secretbox_MACBYTES, // Ciphertext
101  block, // Tag
102  ctlen,
103  nonce, key))
104  {
105  return GNUNET_SYSERR;
106  }
107  return GNUNET_OK;
108 }
GNUNET_OK
@ GNUNET_OK
Definition: gnunet_common.h:109
GNUNET_SYSERR
@ GNUNET_SYSERR
Definition: gnunet_common.h:107

◆ eddsa_symmetric_encrypt()

enum GNUNET_GenericReturnValue eddsa_symmetric_encrypt ( const void *  block,
size_t  size,
const unsigned char *  key,
const unsigned char *  nonce,
void *  result 
)

Definition at line 61 of file gnsrecord_crypto.c.

118 {
119  if (size > crypto_secretbox_MESSAGEBYTES_MAX)
120  return GNUNET_SYSERR;
121  crypto_secretbox_detached (result + crypto_secretbox_MACBYTES, // Ciphertext
122  result, // TAG
123  block, size, nonce, key);
124  return GNUNET_OK;
125 }

◆ GNR_derive_block_aes_key()

void GNR_derive_block_aes_key ( unsigned char *  ctr,
unsigned char *  key,
const char *  label,
uint64_t  exp,
const struct GNUNET_CRYPTO_EcdsaPublicKey pub 
)

Derive session key and iv from label and public key.

Parameters
ivinitialization vector to initialize
skeysession key to initialize
labellabel to use for KDF
pubpublic key to use for KDF

4 byte nonce

Expiration time 64 bit.

Set counter part to 1

Definition at line 129 of file gnsrecord_crypto.c.

134 {
135  static const char ctx_key[] = "gns-aes-ctx-key";
136  static const char ctx_iv[] = "gns-aes-ctx-iv";
137 
138  GNUNET_CRYPTO_kdf (key, GNUNET_CRYPTO_AES_KEY_LENGTH,
139  ctx_key, strlen (ctx_key),
140  pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
141  label, strlen (label),
142  NULL, 0);
143  memset (ctr, 0, GNUNET_CRYPTO_AES_KEY_LENGTH / 2);
145  GNUNET_CRYPTO_kdf (ctr, 4,
146  ctx_iv, strlen (ctx_iv),
147  pub, sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey),
148  label, strlen (label),
149  NULL, 0);
151  memcpy (ctr + 4, &exp, sizeof (exp));
153  ctr[15] |= 0x01;
154 }
pub
static struct GNUNET_CRYPTO_EddsaPublicKey pub
Definition: gnunet-scrypt.c:47
GNUNET_CRYPTO_kdf
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_kdf(void *result, size_t out_len, const void *xts, size_t xts_len, const void *skm, size_t skm_len,...)
Derive key.
Definition: crypto_kdf.c:70
GNUNET_CRYPTO_EcdsaPublicKey
Public ECC key (always for Curve25519) encoded in a format suitable for network transmission and ECDS...
Definition: gnunet_crypto_lib.h:216

References GNUNET_CRYPTO_AES_KEY_LENGTH, GNUNET_CRYPTO_kdf(), key, and pub.

Referenced by run_pkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ GNR_derive_block_xsalsa_key()

void GNR_derive_block_xsalsa_key ( unsigned char *  nonce,
unsigned char *  key,
const char *  label,
uint64_t  exp,
const struct GNUNET_CRYPTO_EddsaPublicKey pub 
)

Derive session key and iv from label and public key.

Parameters
nonceinitialization vector to initialize
skeysession key to initialize
labellabel to use for KDF
pubpublic key to use for KDF

16 byte nonce

Expiration time 64 bit.

Definition at line 158 of file gnsrecord_crypto.c.

163 {
164  static const char ctx_key[] = "gns-xsalsa-ctx-key";
165  static const char ctx_iv[] = "gns-xsalsa-ctx-iv";
166 
167  GNUNET_CRYPTO_kdf (key, crypto_secretbox_KEYBYTES,
168  ctx_key, strlen (ctx_key),
169  pub, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
170  label, strlen (label),
171  NULL, 0);
172  memset (nonce, 0, crypto_secretbox_NONCEBYTES);
174  GNUNET_CRYPTO_kdf (nonce, (crypto_secretbox_NONCEBYTES - sizeof (exp)),
175  ctx_iv, strlen (ctx_iv),
176  pub, sizeof(struct GNUNET_CRYPTO_EddsaPublicKey),
177  label, strlen (label),
178  NULL, 0);
180  memcpy (nonce + (crypto_secretbox_NONCEBYTES - sizeof (exp)),
181  &exp, sizeof (exp));
182 }
GNUNET_CRYPTO_EddsaPublicKey
Public ECC key (always for curve Ed25519) encoded in a format suitable for network transmission and E...
Definition: gnunet_crypto_lib.h:201

References GNUNET_CRYPTO_kdf(), key, and pub.

Referenced by run_edkey().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ block_get_size_ecdsa()

static ssize_t block_get_size_ecdsa ( const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count 
)
static

Definition at line 186 of file gnsrecord_crypto.c.

188 {
189  ssize_t len;
190 
191  len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
192  if (len < 0)
193  return -1;
194  len += sizeof(struct GNUNET_GNSRECORD_Block);
195  return len;
196 }
len
uint16_t len
length of data (which is always a uint32_t, but presumably this can be used to specify that fewer byt...
Definition: gnunet-helper-transport-wlan.c:16
rd_count
static unsigned int rd_count
Number of records for currently parsed set.
Definition: gnunet-namestore-zonefile.c:61
rd
static struct GNUNET_GNSRECORD_Data rd[50]
The record data under a single label.
Definition: gnunet-namestore-zonefile.c:46
GNUNET_GNSRECORD_records_get_size
GNUNET_NETWORK_STRUCT_END ssize_t GNUNET_GNSRECORD_records_get_size(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd)
Calculate how many bytes we will need to serialize the given records.
Definition: gnsrecord_serialization.c:78
GNUNET_GNSRECORD_Block
Definition: gnunet_gnsrecord_lib.h:279

Referenced by block_create2().

Here is the caller graph for this function:

◆ block_sign_ecdsa()

enum GNUNET_GenericReturnValue block_sign_ecdsa ( const struct GNUNET_CRYPTO_EcdsaPrivateKey key,
const struct GNUNET_CRYPTO_EcdsaPublicKey pkey,
const char *  label,
struct GNUNET_GNSRECORD_Block block 
)

Definition at line 186 of file gnsrecord_crypto.c.

205 {
206  struct GNRBlockPS *gnr_block;
207  struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
208  size_t size = ntohl (block->size) - sizeof (*block) + sizeof (*gnr_block);
209 
210  gnr_block = GNUNET_malloc (size);
211  ecblock = &(block)->ecdsa_block;
212  gnr_block->purpose.size = htonl (size);
213  gnr_block->purpose.purpose =
214  htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
215  gnr_block->expiration_time = ecblock->expiration_time;
216  /* encrypt and sign */
217  GNUNET_memcpy (&gnr_block[1], &ecblock[1],
218  size - sizeof (*gnr_block));
219  GNUNET_CRYPTO_ecdsa_public_key_derive (pkey,
220  label,
221  "gns",
222  &ecblock->derived_key);
223  if (GNUNET_OK !=
224  GNUNET_CRYPTO_ecdsa_sign_derived (key,
225  label,
226  "gns",
227  &gnr_block->purpose,
228  &ecblock->signature))
229  {
230  GNUNET_break (0);
231  GNUNET_free (gnr_block);
232  return GNUNET_SYSERR;
233  }
234  GNUNET_free (gnr_block);
235  return GNUNET_OK;
236 }
GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN
#define GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN
Signature of a gnunet naming system record block (GNUnet-GNSRECORD)
Definition: gnunet_signatures.h:124
pkey
static char * pkey
Public key of the zone to look in, in ASCII.
Definition: gnunet-namecache.c:58
GNUNET_CRYPTO_ecdsa_public_key_derive
void GNUNET_CRYPTO_ecdsa_public_key_derive(const struct GNUNET_CRYPTO_EcdsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EcdsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_ecc_gnsrecord.c:239
GNUNET_CRYPTO_ecdsa_sign_derived
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_ecdsa_sign_derived(const struct GNUNET_CRYPTO_EcdsaPrivateKey *pkey, const char *label, const char *context, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EcdsaSignature *sig)
This is a signature function for ECDSA which takes a private key, derives/blinds it and signs the mes...
Definition: crypto_ecc_gnsrecord.c:174
GNUNET_memcpy
#define GNUNET_memcpy(dst, src, n)
Call memcpy() but check for n being 0 first.
Definition: gnunet_common.h:1294
GNUNET_break
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
Definition: gnunet_common.h:1024
GNUNET_malloc
#define GNUNET_malloc(size)
Wrapper around malloc.
Definition: gnunet_common.h:1352
GNUNET_free
#define GNUNET_free(ptr)
Wrapper around free.
Definition: gnunet_common.h:1412
GNRBlockPS
Information we have in an encrypted block with record data (i.e.
Definition: gnsrecord_crypto.h:39
GNRBlockPS::purpose
struct GNUNET_CRYPTO_EccSignaturePurpose purpose
Number of bytes signed; also specifies the number of bytes of encrypted data that follow.
Definition: gnsrecord_crypto.h:44
GNRBlockPS::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition: gnsrecord_crypto.h:49
GNUNET_CRYPTO_EccSignaturePurpose::size
uint32_t size
How many bytes does this signature sign? (including this purpose header); in network byte order (!...
Definition: gnunet_crypto_lib.h:147
GNUNET_CRYPTO_EccSignaturePurpose::purpose
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
Definition: gnunet_crypto_lib.h:155
GNUNET_GNSRECORD_Block::size
uint32_t size
Size of the block.
Definition: gnunet_gnsrecord_lib.h:283
GNUNET_GNSRECORD_EcdsaBlock
Information we have in an encrypted block with record data (i.e.
Definition: gnunet_gnsrecord_lib.h:233
GNUNET_GNSRECORD_EcdsaBlock::signature
struct GNUNET_CRYPTO_EcdsaSignature signature
Signature of the block.
Definition: gnunet_gnsrecord_lib.h:242
GNUNET_GNSRECORD_EcdsaBlock::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition: gnunet_gnsrecord_lib.h:247
GNUNET_GNSRECORD_EcdsaBlock::derived_key
struct GNUNET_CRYPTO_EcdsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
Definition: gnunet_gnsrecord_lib.h:237

◆ block_sign_eddsa()

enum GNUNET_GenericReturnValue block_sign_eddsa ( const struct GNUNET_CRYPTO_EddsaPrivateKey key,
const struct GNUNET_CRYPTO_EddsaPublicKey pkey,
const char *  label,
struct GNUNET_GNSRECORD_Block block 
)

Definition at line 186 of file gnsrecord_crypto.c.

246 {
247  struct GNRBlockPS *gnr_block;
248  struct GNUNET_GNSRECORD_EddsaBlock *edblock;
249  size_t size = ntohl (block->size) - sizeof (*block) + sizeof (*gnr_block);
250  gnr_block = GNUNET_malloc (size);
251  edblock = &(block)->eddsa_block;
252  gnr_block->purpose.size = htonl (size);
253  gnr_block->purpose.purpose =
254  htonl (GNUNET_SIGNATURE_PURPOSE_GNS_RECORD_SIGN);
255  gnr_block->expiration_time = edblock->expiration_time;
256  GNUNET_memcpy (&gnr_block[1], &edblock[1],
257  size - sizeof (*gnr_block));
258  /* encrypt and sign */
259  GNUNET_CRYPTO_eddsa_public_key_derive (pkey,
260  label,
261  "gns",
262  &edblock->derived_key);
263  GNUNET_CRYPTO_eddsa_sign_derived (key,
264  label,
265  "gns",
266  &gnr_block->purpose,
267  &edblock->signature);
268  GNUNET_free (gnr_block);
269  return GNUNET_OK;
270 }
GNUNET_CRYPTO_eddsa_public_key_derive
void GNUNET_CRYPTO_eddsa_public_key_derive(const struct GNUNET_CRYPTO_EddsaPublicKey *pub, const char *label, const char *context, struct GNUNET_CRYPTO_EddsaPublicKey *result)
Derive a public key from a given public key and a label.
Definition: crypto_ecc_gnsrecord.c:392
GNUNET_CRYPTO_eddsa_sign_derived
enum GNUNET_GenericReturnValue GNUNET_CRYPTO_eddsa_sign_derived(const struct GNUNET_CRYPTO_EddsaPrivateKey *pkey, const char *label, const char *context, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_CRYPTO_EddsaSignature *sig)
This is a signature function for EdDSA which takes a private key and derives it using the label and c...
Definition: crypto_ecc_gnsrecord.c:72
GNUNET_GNSRECORD_EddsaBlock
Information we have in an encrypted block with record data (i.e.
Definition: gnunet_gnsrecord_lib.h:257
GNUNET_GNSRECORD_EddsaBlock::derived_key
struct GNUNET_CRYPTO_EddsaPublicKey derived_key
Derived key used for signing; hash of this is the query.
Definition: gnunet_gnsrecord_lib.h:261
GNUNET_GNSRECORD_EddsaBlock::expiration_time
struct GNUNET_TIME_AbsoluteNBO expiration_time
Expiration time of the block.
Definition: gnunet_gnsrecord_lib.h:271
GNUNET_GNSRECORD_EddsaBlock::signature
struct GNUNET_CRYPTO_EddsaSignature signature
Signature of the block.
Definition: gnunet_gnsrecord_lib.h:266

◆ block_create_ecdsa()

static enum GNUNET_GenericReturnValue block_create_ecdsa ( const struct GNUNET_CRYPTO_EcdsaPrivateKey key,
const struct GNUNET_CRYPTO_EcdsaPublicKey pkey,
struct GNUNET_TIME_Absolute  expire,
const char *  label,
const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count,
struct GNUNET_GNSRECORD_Block **  block,
int  sign 
)
static

Sign name and records.

Parameters
keythe private key
pkeyassociated public key
expireblock expiration
labelthe name for the records
rdrecord data
rd_countnumber of records
blockthe block result. Must be allocated sufficiently.
signsign the block GNUNET_NO if block will be signed later.
Returns
GNUNET_SYSERR on error (otherwise GNUNET_OK)

Definition at line 186 of file gnsrecord_crypto.c.

331 {
332  ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
333  rd);
334  struct GNUNET_GNSRECORD_EcdsaBlock *ecblock;
335  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
336  unsigned char skey[GNUNET_CRYPTO_AES_KEY_LENGTH];
337  struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
338  struct GNUNET_TIME_Absolute now;
339 
340  if (payload_len < 0)
341  {
342  GNUNET_break (0);
343  return GNUNET_SYSERR;
344  }
345  if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
346  {
347  GNUNET_break (0);
348  return GNUNET_SYSERR;
349  }
350  /* convert relative to absolute times */
351  now = GNUNET_TIME_absolute_get ();
352  for (unsigned int i = 0; i < rd_count; i++)
353  {
354  rdc[i] = rd[i];
355  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
356  {
357  struct GNUNET_TIME_Relative t;
358 
359  /* encrypted blocks must never have relative expiration times, convert! */
360  rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
361  t.rel_value_us = rdc[i].expiration_time;
362  rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
363  }
364  }
365  /* serialize */
366  *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block) + payload_len);
367  (*block)->size = htonl (sizeof (struct GNUNET_GNSRECORD_Block) + payload_len);
368  {
369  char payload[payload_len];
370 
371  GNUNET_assert (payload_len ==
372  GNUNET_GNSRECORD_records_serialize (rd_count,
373  rdc,
374  payload_len,
375  payload));
376  ecblock = &(*block)->ecdsa_block;
377  (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_PKEY);
378  ecblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
379  GNR_derive_block_aes_key (ctr,
380  skey,
381  label,
382  ecblock->expiration_time.abs_value_us__,
383  pkey);
384  GNUNET_assert (payload_len ==
385  ecdsa_symmetric_encrypt (payload,
386  payload_len,
387  skey,
388  ctr,
389  &ecblock[1]));
390  }
391  if (GNUNET_YES != sign)
392  return GNUNET_OK;
393  if (GNUNET_OK !=
394  block_sign_ecdsa (key, pkey, label, *block))
395  {
396  GNUNET_break (0);
397  GNUNET_free (*block);
398  return GNUNET_SYSERR;
399  }
400  return GNUNET_OK;
401 }
GNUNET_GNSRECORD_TYPE_PKEY
#define GNUNET_GNSRECORD_TYPE_PKEY
WARNING: This header is generated! In order to add GNS record types, you must register them in GANA,...
Definition: gnu_name_system_record_types.h:43
block_sign_ecdsa
enum GNUNET_GenericReturnValue block_sign_ecdsa(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
Definition: gnsrecord_crypto.c:199
ecdsa_symmetric_encrypt
ssize_t ecdsa_symmetric_encrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
Definition: gnsrecord_crypto.c:61
GNR_derive_block_aes_key
void GNR_derive_block_aes_key(unsigned char *ctr, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Derive session key and iv from label and public key.
Definition: gnsrecord_crypto.c:129
expire
static char * expire
DID Document expiration Date Attribut String.
Definition: gnunet-did.c:101
payload
static unsigned long long payload
How much data are we currently storing in the database?
Definition: gnunet-service-datastore.c:183
t
static struct GNUNET_SCHEDULER_Task * t
Main task.
Definition: gnunet-zonewalk.c:119
GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION
@ GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION
This expiration time of the record is a relative time (not an absolute time).
Definition: gnunet_gnsrecord_lib.h:127
GNUNET_GNSRECORD_MAX_BLOCK_SIZE
#define GNUNET_GNSRECORD_MAX_BLOCK_SIZE
Maximum size of a value that can be stored in a GNS block.
Definition: gnunet_gnsrecord_lib.h:59
GNUNET_GNSRECORD_records_serialize
ssize_t GNUNET_GNSRECORD_records_serialize(unsigned int rd_count, const struct GNUNET_GNSRECORD_Data *rd, size_t dest_size, char *dest)
Serialize the given records to the given destination buffer.
Definition: gnsrecord_serialization.c:136
GNUNET_NZL
#define GNUNET_NZL(l)
Macro used to avoid using 0 for the length of a variable-size array (Non-Zero-Length).
Definition: gnunet_common.h:232
GNUNET_YES
@ GNUNET_YES
Definition: gnunet_common.h:111
GNUNET_TIME_absolute_get
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:111
GNUNET_TIME_absolute_add
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:450
GNUNET_TIME_absolute_hton
struct GNUNET_TIME_AbsoluteNBO GNUNET_TIME_absolute_hton(struct GNUNET_TIME_Absolute a)
Convert absolute time to network byte order.
Definition: time.c:638
GNUNET_GNSRECORD_Data
A GNS record.
Definition: gnunet_gnsrecord_lib.h:172
GNUNET_TIME_AbsoluteNBO::abs_value_us__
uint64_t abs_value_us__
The actual value (in network byte order).
Definition: gnunet_time_lib.h:106
GNUNET_TIME_Absolute
Time for absolute times used by GNUnet, in microseconds.
Definition: gnunet_time_lib.h:54
GNUNET_TIME_Absolute::abs_value_us
uint64_t abs_value_us
The actual value.
Definition: gnunet_time_lib.h:58
GNUNET_TIME_Relative
Time for relative time used by GNUnet, in microseconds.
Definition: gnunet_time_lib.h:77

References GNUNET_GNSRECORD_records_get_size(), len, rd, and rd_count.

Here is the call graph for this function:

◆ block_get_size_eddsa()

static ssize_t block_get_size_eddsa ( const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count 
)
static

Definition at line 404 of file gnsrecord_crypto.c.

406 {
407  ssize_t len;
408 
409  len = GNUNET_GNSRECORD_records_get_size (rd_count, rd);
410  if (len < 0)
411  return -1;
412  len += sizeof(struct GNUNET_GNSRECORD_Block);
413  len += crypto_secretbox_MACBYTES;
414  return len;
415 }

Referenced by block_create2().

Here is the caller graph for this function:

◆ block_create_eddsa()

enum GNUNET_GenericReturnValue block_create_eddsa ( const struct GNUNET_CRYPTO_EddsaPrivateKey key,
const struct GNUNET_CRYPTO_EddsaPublicKey pkey,
struct GNUNET_TIME_Absolute  expire,
const char *  label,
const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count,
struct GNUNET_GNSRECORD_Block **  block,
int  sign 
)

Sign name and records (EDDSA version)

Parameters
keythe private key
pkeyassociated public key
expireblock expiration
labelthe name for the records
rdrecord data
rd_countnumber of records
blockwhere to store the block. Must be allocated sufficiently.
signGNUNET_YES if block shall be signed as well
Returns
GNUNET_SYSERR on error (otherwise GNUNET_OK)

Definition at line 404 of file gnsrecord_crypto.c.

440 {
441  ssize_t payload_len = GNUNET_GNSRECORD_records_get_size (rd_count,
442  rd);
443  struct GNUNET_GNSRECORD_EddsaBlock *edblock;
444  unsigned char nonce[crypto_secretbox_NONCEBYTES];
445  unsigned char skey[crypto_secretbox_KEYBYTES];
446  struct GNUNET_GNSRECORD_Data rdc[GNUNET_NZL (rd_count)];
447  struct GNUNET_TIME_Absolute now;
448 
449  if (payload_len < 0)
450  {
451  GNUNET_break (0);
452  return GNUNET_SYSERR;
453  }
454  if (payload_len > GNUNET_GNSRECORD_MAX_BLOCK_SIZE)
455  {
456  GNUNET_break (0);
457  return GNUNET_SYSERR;
458  }
459  /* convert relative to absolute times */
460  now = GNUNET_TIME_absolute_get ();
461  for (unsigned int i = 0; i < rd_count; i++)
462  {
463  rdc[i] = rd[i];
464  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
465  {
466  struct GNUNET_TIME_Relative t;
467 
468  /* encrypted blocks must never have relative expiration times, convert! */
469  rdc[i].flags &= ~GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION;
470  t.rel_value_us = rdc[i].expiration_time;
471  rdc[i].expiration_time = GNUNET_TIME_absolute_add (now, t).abs_value_us;
472  }
473  }
474  /* serialize */
475  *block = GNUNET_malloc (sizeof (struct GNUNET_GNSRECORD_Block)
476  + payload_len + crypto_secretbox_MACBYTES);
477  (*block)->size = htonl (sizeof (struct GNUNET_GNSRECORD_Block)
478  + payload_len + crypto_secretbox_MACBYTES);
479  {
480  char payload[payload_len];
481 
482  GNUNET_assert (payload_len ==
483  GNUNET_GNSRECORD_records_serialize (rd_count,
484  rdc,
485  payload_len,
486  payload));
487  edblock = &(*block)->eddsa_block;
488  (*block)->type = htonl (GNUNET_GNSRECORD_TYPE_EDKEY);
489  edblock->expiration_time = GNUNET_TIME_absolute_hton (expire);
490  GNR_derive_block_xsalsa_key (nonce,
491  skey,
492  label,
493  edblock->expiration_time.abs_value_us__,
494  pkey);
495  GNUNET_assert (GNUNET_OK ==
496  eddsa_symmetric_encrypt (payload,
497  payload_len,
498  skey,
499  nonce,
500  &edblock[1]));
501  if (GNUNET_YES != sign)
502  return GNUNET_OK;
503  block_sign_eddsa (key, pkey, label, *block);
504  }
505  return GNUNET_OK;
506 }
GNUNET_GNSRECORD_TYPE_EDKEY
#define GNUNET_GNSRECORD_TYPE_EDKEY
Record type for EDKEY zone delegations.
Definition: gnu_name_system_record_types.h:151
block_sign_eddsa
enum GNUNET_GenericReturnValue block_sign_eddsa(const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, const char *label, struct GNUNET_GNSRECORD_Block *block)
Definition: gnsrecord_crypto.c:240
GNR_derive_block_xsalsa_key
void GNR_derive_block_xsalsa_key(unsigned char *nonce, unsigned char *key, const char *label, uint64_t exp, const struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Derive session key and iv from label and public key.
Definition: gnsrecord_crypto.c:158
eddsa_symmetric_encrypt
enum GNUNET_GenericReturnValue eddsa_symmetric_encrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
Definition: gnsrecord_crypto.c:112

References GNUNET_GNSRECORD_records_get_size(), len, rd, and rd_count.

Here is the call graph for this function:

◆ block_create2()

static enum GNUNET_GenericReturnValue block_create2 ( const struct GNUNET_IDENTITY_PrivateKey pkey,
struct GNUNET_TIME_Absolute  expire,
const char *  label,
const struct GNUNET_GNSRECORD_Data rd,
unsigned int  rd_count,
struct GNUNET_GNSRECORD_Block **  result,
int  sign 
)
static

Definition at line 509 of file gnsrecord_crypto.c.

605 {
606  const struct GNUNET_CRYPTO_EcdsaPrivateKey *key;
607  struct GNUNET_CRYPTO_EddsaPublicKey edpubkey;
608  enum GNUNET_GenericReturnValue res = GNUNET_SYSERR;
609  char *norm_label;
610 
611  norm_label = GNUNET_GNSRECORD_string_normalize (label);
612 
613  if (GNUNET_IDENTITY_TYPE_ECDSA == ntohl (pkey->type))
614  {
615  key = &pkey->ecdsa_key;
616 #define CSIZE 64
617  static struct KeyCacheLine cache[CSIZE];
618  struct KeyCacheLine *line;
619 
620  line = &cache[(*(unsigned int *) key) % CSIZE];
621  if (0 != memcmp (&line->key,
622  key,
623  sizeof(*key)))
624  {
625  /* cache miss, recompute */
626  line->key = *key;
627  GNUNET_CRYPTO_ecdsa_key_get_public (key,
628  &line->pkey);
629  }
630 #undef CSIZE
631  res = block_create_ecdsa (key,
632  &line->pkey,
633  expire,
634  norm_label,
635  rd,
636  rd_count,
637  result,
638  sign);
639  }
640  else if (GNUNET_IDENTITY_TYPE_EDDSA == ntohl (pkey->type))
641  {
642  GNUNET_CRYPTO_eddsa_key_get_public (&pkey->eddsa_key,
643  &edpubkey);
644  res = block_create_eddsa (&pkey->eddsa_key,
645  &edpubkey,
646  expire,
647  norm_label,
648  rd,
649  rd_count,
650  result,
651  sign);
652  }
653  GNUNET_free (norm_label);
654  return res;
655 }
block_create_eddsa
enum GNUNET_GenericReturnValue block_create_eddsa(const struct GNUNET_CRYPTO_EddsaPrivateKey *key, const struct GNUNET_CRYPTO_EddsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
Sign name and records (EDDSA version)
Definition: gnsrecord_crypto.c:432
block_create_ecdsa
static enum GNUNET_GenericReturnValue block_create_ecdsa(const struct GNUNET_CRYPTO_EcdsaPrivateKey *key, const struct GNUNET_CRYPTO_EcdsaPublicKey *pkey, struct GNUNET_TIME_Absolute expire, const char *label, const struct GNUNET_GNSRECORD_Data *rd, unsigned int rd_count, struct GNUNET_GNSRECORD_Block **block, int sign)
Sign name and records.
Definition: gnsrecord_crypto.c:323
CSIZE
#define CSIZE
res
static int res
Definition: gnunet-ats-solver-eval.c:85
line
static char * line
Desired phone line (string to be converted to a hash).
Definition: gnunet-conversation.c:157
cache
static struct GNUNET_CONTAINER_MultiHashMap32 * cache
Hashmap to maintain cache.
Definition: gnunet-service-testbed_cache.c:69
GNUNET_CRYPTO_eddsa_key_get_public
void GNUNET_CRYPTO_eddsa_key_get_public(const struct GNUNET_CRYPTO_EddsaPrivateKey *priv, struct GNUNET_CRYPTO_EddsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:197
GNUNET_CRYPTO_ecdsa_key_get_public
void GNUNET_CRYPTO_ecdsa_key_get_public(const struct GNUNET_CRYPTO_EcdsaPrivateKey *priv, struct GNUNET_CRYPTO_EcdsaPublicKey *pub)
Extract the public key for the given private key.
Definition: crypto_ecc.c:186
GNUNET_GNSRECORD_string_normalize
char * GNUNET_GNSRECORD_string_normalize(const char *src)
Normalize a UTF-8 string to a GNS name.
Definition: gnsrecord_misc.c:39
GNUNET_IDENTITY_TYPE_ECDSA
@ GNUNET_IDENTITY_TYPE_ECDSA
The identity type.
Definition: gnunet_identity_service.h:70
GNUNET_IDENTITY_TYPE_EDDSA
@ GNUNET_IDENTITY_TYPE_EDDSA
EDDSA identity.
Definition: gnunet_identity_service.h:76
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:106
GNUNET_CRYPTO_EcdsaPrivateKey
Private ECC key encoded for transmission.
Definition: gnunet_crypto_lib.h:266
KeyCacheLine
Line in cache mapping private keys to public keys.
Definition: gnsrecord_crypto.c:584

References block_get_size_ecdsa(), block_get_size_eddsa(), GNUNET_assert, GNUNET_GNSRECORD_TYPE_EDKEY, GNUNET_GNSRECORD_TYPE_PKEY, GNUNET_IDENTITY_key_get_public(), key, pkey, rd, rd_count, and res.

Here is the call graph for this function:

◆ block_decrypt_ecdsa()

enum GNUNET_GenericReturnValue block_decrypt_ecdsa ( const struct GNUNET_GNSRECORD_Block block,
const struct GNUNET_CRYPTO_EcdsaPublicKey zone_key,
const char *  label,
GNUNET_GNSRECORD_RecordCallback  proc,
void *  proc_cls 
)

Definition at line 509 of file gnsrecord_crypto.c.

737 {
738  size_t payload_len = ntohl (block->size) - sizeof (struct
739  GNUNET_GNSRECORD_Block);
740  unsigned char ctr[GNUNET_CRYPTO_AES_KEY_LENGTH / 2];
741  unsigned char key[GNUNET_CRYPTO_AES_KEY_LENGTH];
742 
743  if (ntohl (block->size) <
744  sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
745  + sizeof(struct GNUNET_TIME_AbsoluteNBO))
746  {
747  GNUNET_break_op (0);
748  return GNUNET_SYSERR;
749  }
750  GNR_derive_block_aes_key (ctr,
751  key,
752  label,
753  block->ecdsa_block.expiration_time.abs_value_us__,
754  zone_key);
755  {
756  char payload[payload_len];
757  unsigned int rd_count;
758 
759  GNUNET_assert (payload_len ==
760  ecdsa_symmetric_decrypt (&block[1], payload_len,
761  key, ctr,
762  payload));
763  rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len,
764  payload);
765  if (rd_count > 2048)
766  {
767  /* limit to sane value */
768  GNUNET_break_op (0);
769  return GNUNET_SYSERR;
770  }
771  {
772  struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
773  unsigned int j;
774  struct GNUNET_TIME_Absolute now;
775 
776  if (GNUNET_OK !=
777  GNUNET_GNSRECORD_records_deserialize (payload_len,
778  payload,
779  rd_count,
780  rd))
781  {
782  GNUNET_break_op (0);
783  return GNUNET_SYSERR;
784  }
785  /* hide expired records */
786  now = GNUNET_TIME_absolute_get ();
787  j = 0;
788  for (unsigned int i = 0; i < rd_count; i++)
789  {
790  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
791  {
792  /* encrypted blocks must never have relative expiration times, skip! */
793  GNUNET_break_op (0);
794  continue;
795  }
796 
797  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW))
798  {
799  int include_record = GNUNET_YES;
800  /* Shadow record, figure out if we have a not expired active record */
801  for (unsigned int k = 0; k < rd_count; k++)
802  {
803  if (k == i)
804  continue;
805  if (rd[i].expiration_time < now.abs_value_us)
806  include_record = GNUNET_NO; /* Shadow record is expired */
807  if ((rd[k].record_type == rd[i].record_type) &&
808  (rd[k].expiration_time >= now.abs_value_us) &&
809  (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW)))
810  {
811  include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
812  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
813  "Ignoring shadow record\n");
814  break;
815  }
816  }
817  if (GNUNET_YES == include_record)
818  {
819  rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW; /* Remove Flag */
820  if (j != i)
821  rd[j] = rd[i];
822  j++;
823  }
824  }
825  else if (rd[i].expiration_time >= now.abs_value_us)
826  {
827  /* Include this record */
828  if (j != i)
829  rd[j] = rd[i];
830  j++;
831  }
832  else
833  {
834  struct GNUNET_TIME_Absolute at;
835 
836  at.abs_value_us = rd[i].expiration_time;
837  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
838  "Excluding record that expired %s (%llu ago)\n",
839  GNUNET_STRINGS_absolute_time_to_string (at),
840  (unsigned long long) rd[i].expiration_time
841  - now.abs_value_us);
842  }
843  }
844  rd_count = j;
845  if (NULL != proc)
846  proc (proc_cls,
847  rd_count,
848  (0 != rd_count) ? rd : NULL);
849  }
850  }
851  return GNUNET_OK;
852 }
ecdsa_symmetric_decrypt
ssize_t ecdsa_symmetric_decrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *ctr, void *result)
Definition: gnsrecord_crypto.c:34
zone_key
static const struct GNUNET_IDENTITY_PrivateKey * zone_key
Private key of the zone.
Definition: gnunet-namestore-fcfsd.c:139
GNUNET_GNSRECORD_RF_SHADOW
@ GNUNET_GNSRECORD_RF_SHADOW
This record should not be used unless all (other) records in the set with an absolute expiration time...
Definition: gnunet_gnsrecord_lib.h:115
GNUNET_GNSRECORD_records_deserialize
int GNUNET_GNSRECORD_records_deserialize(size_t len, const char *src, unsigned int rd_count, struct GNUNET_GNSRECORD_Data *dest)
Deserialize the given records to the given destination.
Definition: gnsrecord_serialization.c:244
GNUNET_GNSRECORD_records_deserialize_get_size
unsigned int GNUNET_GNSRECORD_records_deserialize_get_size(size_t len, const char *src)
Definition: gnsrecord_serialization.c:199
GNUNET_log
#define GNUNET_log(kind,...)
Definition: gnunet_common.h:568
GNUNET_NO
@ GNUNET_NO
Definition: gnunet_common.h:108
GNUNET_break_op
#define GNUNET_break_op(cond)
Use this for assertion violations caused by other peers (i.e.
Definition: gnunet_common.h:1046
GNUNET_ERROR_TYPE_INFO
@ GNUNET_ERROR_TYPE_INFO
Definition: gnunet_common.h:443
GNUNET_STRINGS_absolute_time_to_string
const char * GNUNET_STRINGS_absolute_time_to_string(struct GNUNET_TIME_Absolute t)
Like asctime, except for GNUnet time.
Definition: strings.c:616
GNUNET_CRYPTO_EccSignaturePurpose
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
Definition: gnunet_crypto_lib.h:141
GNUNET_GNSRECORD_Block::ecdsa_block
struct GNUNET_GNSRECORD_EcdsaBlock ecdsa_block
Definition: gnunet_gnsrecord_lib.h:292
GNUNET_GNSRECORD_Data::flags
enum GNUNET_GNSRECORD_Flags flags
Flags for the record.
Definition: gnunet_gnsrecord_lib.h:200
GNUNET_GNSRECORD_Data::expiration_time
uint64_t expiration_time
Expiration time for the DNS record.
Definition: gnunet_gnsrecord_lib.h:185
GNUNET_TIME_AbsoluteNBO
Time for absolute time used by GNUnet, in microseconds and in network byte order.
Definition: gnunet_time_lib.h:102

◆ block_decrypt_eddsa()

enum GNUNET_GenericReturnValue block_decrypt_eddsa ( const struct GNUNET_GNSRECORD_Block block,
const struct GNUNET_CRYPTO_EddsaPublicKey zone_key,
const char *  label,
GNUNET_GNSRECORD_RecordCallback  proc,
void *  proc_cls 
)

Definition at line 509 of file gnsrecord_crypto.c.

862 {
863  size_t payload_len = ntohl (block->size) - sizeof (struct
864  GNUNET_GNSRECORD_Block);
865  unsigned char nonce[crypto_secretbox_NONCEBYTES];
866  unsigned char key[crypto_secretbox_KEYBYTES];
867 
868  if (ntohl (block->size) <
869  sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
870  + sizeof(struct GNUNET_TIME_AbsoluteNBO))
871  {
872  GNUNET_break_op (0);
873  return GNUNET_SYSERR;
874  }
875  GNR_derive_block_xsalsa_key (nonce,
876  key,
877  label,
878  block->eddsa_block.expiration_time.abs_value_us__,
879  zone_key);
880  {
881  char payload[payload_len];
882  unsigned int rd_count;
883 
884  GNUNET_assert (GNUNET_OK ==
885  eddsa_symmetric_decrypt (&block[1], payload_len,
886  key, nonce,
887  payload));
888  payload_len -= crypto_secretbox_MACBYTES;
889  rd_count = GNUNET_GNSRECORD_records_deserialize_get_size (payload_len,
890  payload);
891  if (rd_count > 2048)
892  {
893  /* limit to sane value */
894  GNUNET_break_op (0);
895  return GNUNET_SYSERR;
896  }
897  {
898  struct GNUNET_GNSRECORD_Data rd[GNUNET_NZL (rd_count)];
899  unsigned int j;
900  struct GNUNET_TIME_Absolute now;
901 
902  if (GNUNET_OK !=
903  GNUNET_GNSRECORD_records_deserialize (payload_len,
904  payload,
905  rd_count,
906  rd))
907  {
908  GNUNET_break_op (0);
909  return GNUNET_SYSERR;
910  }
911  /* hide expired records */
912  now = GNUNET_TIME_absolute_get ();
913  j = 0;
914  for (unsigned int i = 0; i < rd_count; i++)
915  {
916  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_RELATIVE_EXPIRATION))
917  {
918  /* encrypted blocks must never have relative expiration times, skip! */
919  GNUNET_break_op (0);
920  continue;
921  }
922 
923  if (0 != (rd[i].flags & GNUNET_GNSRECORD_RF_SHADOW))
924  {
925  int include_record = GNUNET_YES;
926  /* Shadow record, figure out if we have a not expired active record */
927  for (unsigned int k = 0; k < rd_count; k++)
928  {
929  if (k == i)
930  continue;
931  if (rd[i].expiration_time < now.abs_value_us)
932  include_record = GNUNET_NO; /* Shadow record is expired */
933  if ((rd[k].record_type == rd[i].record_type) &&
934  (rd[k].expiration_time >= now.abs_value_us) &&
935  (0 == (rd[k].flags & GNUNET_GNSRECORD_RF_SHADOW)))
936  {
937  include_record = GNUNET_NO; /* We have a non-expired, non-shadow record of the same type */
938  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
939  "Ignoring shadow record\n");
940  break;
941  }
942  }
943  if (GNUNET_YES == include_record)
944  {
945  rd[i].flags ^= GNUNET_GNSRECORD_RF_SHADOW; /* Remove Flag */
946  if (j != i)
947  rd[j] = rd[i];
948  j++;
949  }
950  }
951  else if (rd[i].expiration_time >= now.abs_value_us)
952  {
953  /* Include this record */
954  if (j != i)
955  rd[j] = rd[i];
956  j++;
957  }
958  else
959  {
960  struct GNUNET_TIME_Absolute at;
961 
962  at.abs_value_us = rd[i].expiration_time;
963  GNUNET_log (GNUNET_ERROR_TYPE_INFO,
964  "Excluding record that expired %s (%llu ago)\n",
965  GNUNET_STRINGS_absolute_time_to_string (at),
966  (unsigned long long) rd[i].expiration_time
967  - now.abs_value_us);
968  }
969  }
970  rd_count = j;
971  if (NULL != proc)
972  proc (proc_cls,
973  rd_count,
974  (0 != rd_count) ? rd : NULL);
975  }
976  }
977  return GNUNET_OK;
978 }
eddsa_symmetric_decrypt
enum GNUNET_GenericReturnValue eddsa_symmetric_decrypt(const void *block, size_t size, const unsigned char *key, const unsigned char *nonce, void *result)
Definition: gnsrecord_crypto.c:88
GNUNET_GNSRECORD_Block::eddsa_block
struct GNUNET_GNSRECORD_EddsaBlock eddsa_block
Definition: gnunet_gnsrecord_lib.h:293